OpenSSL 未创建主题备用名称 (SAN)

tag-icon tag-icon ssl ssl-certificate openssl subject-alternative-names
OpenSSL 未创建主题备用名称 (SAN)

我一直在尝试创建具有主题备用名称的自签名证书;但是,尽管证书已成功创建,但 SAN 并未添加到其详细信息中。

这是我用来创建唱歌请求的命令。

openssl req -newkey rsa:2048 -nodes -sha256 -keyout server.key -out server.csr -config openssl-san.cnf

这是配置文件的内容。

[ req ]
default_bits           = 2048
distinguished_name     = req_distinguished_name
req_extensions         = req_ext

[ req_distinguished_name ]
countryName            = Country Name (2 letter code)
stateOrProvinceName    = State or Province Name (full name)
localityName           = Locality Name (eg, city)
organizationName       = Organization Name (eg, company)
commonName             = Common Name (e.g. server FQDN or YOUR name)

# Optionally, specify some defaults.
countryName_default           = **
stateOrProvinceName_default   = ****
localityName_default           = ****
0.organizationName_default     = ******
organizationalUnitName_default = **
emailAddress_default           = *********

[ req_ext ]
subjectAltName = @alt_names

[alt_names]
DNS.0   = localhost

证书详细信息 在此处输入图片描述

我在这里做错了什么?

请注意,我是一名软件开发人员,因此创建证书不是我的典型工作

答案1

minimal.cnf为您提供自签名的最小配置( )是:

prompt             = no
distinguished_name = req_dn
x509_extensions = x509_ext

[ req_dn ]
commonName         = Example Web Service

[ x509_ext ]
subjectAltName = @alt_names
# You may need the next line to stop Firefox complaining:
basicConstraints = critical; CA:TRUE
 
[alt_names]
DNS.1 = www.example.com
DNS.2 = example.com

使用以下命令创建自签名证书:

openssl req -x509 -new -newkey rsa:2048 -nodes -days 720 -keyout selfsigned.key -out selfsigned.cer -config minimal.cnf

相关内容